Invalid pVertices in pie_Draw3DShape2() #2041

wzdev-ci · 2010-07-31T20:44:45Z

resolution_fixed type_bug | by vexed

>	Warzone2100-Dbg.exe!pie_Draw3DShape2(_iIMDShape * shape=0x065860c0, int frame=0x00000000, PIELIGHT colour={...}, PIELIGHT specular={...}, int pieFlag=0x00000002, int pieFlagData=0x00000078)  Line 196 + 0x3 bytes	C
 	Warzone2100-Dbg.exe!pie_Draw3DShape(_iIMDShape * shape=0x065860c0, int frame=0x00000000, int team=0x00000000, PIELIGHT colour={...}, PIELIGHT specular={...}, int pieFlag=0x00000002, int pieFlagData=0x00000078)  Line 532 + 0x1d bytes	C
 	Warzone2100-Dbg.exe!renderDeliveryPoint(_flag_position * psPosition=0x0013f534, int blueprint=0x00000001)  Line 2756 + 0x35 bytes	C
 	Warzone2100-Dbg.exe!displayBlueprints()  Line 1717 + 0xb bytes	C
 	Warzone2100-Dbg.exe!drawTiles(iView * player=0x011fac80)  Line 1075	C
 	Warzone2100-Dbg.exe!displayTerrain()  Line 691 + 0xa bytes	C
 	Warzone2100-Dbg.exe!draw3DScene()  Line 465	C
 	Warzone2100-Dbg.exe!displayWorld()  Line 1409	C
 	Warzone2100-Dbg.exe!gameLoop()  Line 607	C

-		pPixels	0x0013ce80 {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f *
		x	-1.0737418e+008	float
		y	-1.0737418e+008	float
		z	-1.0737418e+008	float
-		pVertices	0x00000084 {x=??? y=??? z=??? }	Vector3f *
		x	CXX0030: Error: expression cannot be evaluated	
		y	CXX0030: Error: expression cannot be evaluated	
		z	CXX0030: Error: expression cannot be evaluated	
-		scrPoints	0x0013ce80 {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f [768]
+		[0x0]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f
+		[0x1]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f
+		[0x2]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f
+		[0x3]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f

...
...
+		[0x2fe]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f
+		[0x2ff]	{x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }	Vector3f
-		shape	0x065860c0 {texpage=0x00000003 sradius=0x00000532 radius=0x064e47b8 ...}	_iIMDShape *
		texpage	0x00000003	int
		sradius	0x00000532	int
		radius	0x064e47b8	int
+		min	{x=0.00000000 y=5.605e-045#DEN z=0.00000000 }	Vector3f
+		max	{x=0.00000000 y=-4.2201683e+037 z=8.266e-040#DEN }	Vector3f
+		ocen	{x=1.5987320e-036 y=7.0691019e-037 z=3.2820284e-035 }	Vector3f
		numFrames	0x3390	unsigned short
		animInterval	0x0075	unsigned short
		npoints	0x00000187	unsigned int
+		points	0x00000084 {x=??? y=??? z=??? }	Vector3f *
		npolys	0x00000001	unsigned int
+		polys	0x016923ba {flags=0x00000000 zcentre=0x00030000 npnts=0x0100000c ...}	iIMDPoly *
		nconnectors	0xfdfdfdfd	unsigned int
+		connectors	0x065450e0 {x=0.00000000 y=2.476e-040#DEN z=1.1396089e-033 }	Vector3f *
		nShadowEdges	0x0661b9e8	unsigned int
+		shadowEdgeList	0x00000000 {from=??? to=??? }	edge_ *
+		next	0x00000000 {texpage=??? sradius=??? radius=??? ...}	_iIMDShape *
		shape->npoints	0x00000187	unsigned int
-		shape->points	0x00000084 {x=??? y=??? z=??? }	Vector3f *
		x	CXX0030: Error: expression cannot be evaluated	
		y	CXX0030: Error: expression cannot be evaluated	
		z	CXX0030: Error: expression cannot be evaluated	
		tempY	-1.0737418e+008	float

I think it was trying to move the delivery point while the building got blown up.

Issue migrated from trac:2041 at 2022-04-15 22:10:57 -0700

The text was updated successfully, but these errors were encountered:

wzdev-ci · 2012-06-10T10:10:51Z

Safety0ff commented

I haven't managed to reproduce this, the closest I've gotten was tripping the following assert:

info    |01:04:33: [displayBlueprints:1711] Expected a delivery point.
info    |01:04:33: [displayBlueprints:1711] Assert in Warzone: display3d.cpp:1711 (deliveryPointToMove != __null), last script event: 'N/A'

wzdev-ci · 2012-06-10T10:34:20Z

Safety0ff changed _comment1 which not transferred by tractive

wzdev-ci · 2012-06-10T10:34:20Z

Safety0ff changed _comment0 which not transferred by tractive

wzdev-ci · 2012-06-10T10:34:20Z

Safety0ff changed _comment3 which not transferred by tractive

wzdev-ci · 2012-06-10T10:34:20Z

Safety0ff changed _comment2 which not transferred by tractive

wzdev-ci · 2012-06-10T10:34:20Z

Safety0ff commented

Maybe related:

info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: '29 (CALL_RESEARCHCOMPLETED)'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: '29 (CALL_RESEARCHCOMPLETED)'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: 'N/A'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: 'N/A'
info    |01:30:58: [pie_MatBegin:93] pie_MatBegin past top of the stack
info    |01:30:58: [pie_MatBegin:93] Assert in Warzone: piematrix.cpp:93 (_MATRIX_INDEX < 8), last script event: 'N/A'
info    |01:30:58: [pie_MatBegin:93] pie_MatBegin past top of the stack
info    |01:30:58: [pie_MatBegin:93] Assert in Warzone: piematrix.cpp:93 (_MATRIX_INDEX < 8), last script event: 'N/A'

Steps:

open struct spawning debug menu
click on borg factory and hold shift (don't let go of shift for the remainder of procedure.)
borg factories(in a place where one will get destroyed)
click the delivery point of the first borg factory, then the delivery point of the second.
move your mouse around until the first factory gets destroyed. (May require ctrl+shift clicking)
crash.

wzdev-ci · 2012-06-10T10:37:17Z

Safety0ff uploaded file wz2100-20120610_133559-Sk-Rush.jpg (193.2 KiB)

my setup for above post

wzdev-ci · 2012-06-10T10:40:06Z

Safety0ff commented

If that assert is invalid ((psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS)'

Then you can overflow an array and likely get your invalid psVerts.

wzdev-ci · 2012-06-10T11:11:55Z

Safety0ff uploaded file 0001-Make-sure-we-pop-our-matrix-when-triggering-ASSERT_O.patch (1.6 KiB)

wzdev-ci · 2012-06-10T12:29:37Z

Safety0ff commented

Looks like "deliveryPointToMove" can become dangling and cause all kinds of issues. Just need to figure out a good solution to this.

wzdev-ci · 2012-06-10T12:55:07Z

Safety0ff changed _comment1 which not transferred by tractive

wzdev-ci · 2012-06-10T12:55:07Z

Safety0ff changed _comment2 which not transferred by tractive

wzdev-ci · 2012-06-10T12:55:07Z

Safety0ff commented

Bah, found more gerard hacks. The delivery points are treated as buildings as a hack to render them...

I suspect it causes more issues in the mouse handling code too.

wzdev-ci · 2012-06-10T12:55:07Z

Safety0ff changed _comment0 which not transferred by tractive

wzdev-ci · 2012-06-10T13:05:20Z

Safety0ff changed priority from normal to major

wzdev-ci · 2012-06-20T16:27:34Z

Safety0ff uploaded file 0001-Fix-dangling-pointer-when-structures-are-destroyed-a.patch (18.3 KiB)

wzdev-ci · 2012-06-20T16:28:26Z

Safety0ff commented

As a side effect, you can no longer "quick queue" cheat yourself units.

wzdev-ci · 2012-06-21T15:47:05Z

safety0ff changed status from new to closed

wzdev-ci · 2012-06-21T15:47:05Z

safety0ff changed resolution from `` to fixed

wzdev-ci · 2012-06-21T15:47:05Z

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code.
You can no longer "quick queue" units from the debug menu.

Fixes #2041.

Changeset: [/changeset/6382bbb08ea7e6ca93a0ba83fdb65952778c962a 6382bbb08ea7e6ca93a0ba83fdb65952778c962a]
URL: [6382]bbb08ea7e6ca93a0ba83fdb65952778c962a

wzdev-ci · 2012-06-25T12:45:02Z

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code.
You can no longer "quick queue" units from the debug menu.

Fixes #2041.

Changeset: [/changeset/6382bbb08ea7e6ca93a0ba83fdb65952778c962a 6382bbb08ea7e6ca93a0ba83fdb65952778c962a]
URL: [6382]bbb08ea7e6ca93a0ba83fdb65952778c962a

wzdev-ci · 2012-06-29T08:10:46Z

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code.
You can no longer "quick queue" units from the debug menu.

Fixes #2041.

Changeset: [/changeset/6382bbb08ea7e6ca93a0ba83fdb65952778c962a 6382bbb08ea7e6ca93a0ba83fdb65952778c962a]
URL: [6382]bbb08ea7e6ca93a0ba83fdb65952778c962a

wzdev-ci · 2012-08-04T08:20:55Z

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code.
You can no longer "quick queue" units from the debug menu.

Fixes #2041.

Changeset: [/changeset/6382bbb08ea7e6ca93a0ba83fdb65952778c962a 6382bbb08ea7e6ca93a0ba83fdb65952778c962a]
URL: [6382]bbb08ea7e6ca93a0ba83fdb65952778c962a

wzdev-ci · 2016-06-22T10:00:38Z

Cyp commented

Marked #3295 as duplicate of this.

wzdev-ci closed this as completed Jun 21, 2012

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid pVertices in pie_Draw3DShape2() #2041

Invalid pVertices in pie_Draw3DShape2() #2041

wzdev-ci commented Jul 31, 2010

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 20, 2012

wzdev-ci commented Jun 20, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 25, 2012

wzdev-ci commented Jun 29, 2012

wzdev-ci commented Aug 4, 2012

wzdev-ci commented Jun 22, 2016

Invalid pVertices in pie_Draw3DShape2() #2041

Invalid pVertices in pie_Draw3DShape2() #2041

Comments

wzdev-ci commented Jul 31, 2010

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 10, 2012

wzdev-ci commented Jun 20, 2012

wzdev-ci commented Jun 20, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 21, 2012

wzdev-ci commented Jun 25, 2012

wzdev-ci commented Jun 29, 2012

wzdev-ci commented Aug 4, 2012

wzdev-ci commented Jun 22, 2016